Masanori KUSUNOKI Dkt. 2562/64498

Serial No.: 09/805,284 
Filed: March 13, 2001 

Listing of Claims 

The following listing of claims will replace all prior versions, 
and listings, of claims in the subject application: 

1. (currently amended) An access authentication system for 
providing a client with a service of connection to a second 
terminal server via a first terminal server, characterized by 
comprising: 

a first authentication server for determining whether or not 
the client should be connected to the first terminal server, on 
the basis of personal information input by the client to the 
first terminal server, the first authentication server creating 
first ticket data by encoding a client parameter, which includes 
part of the personal information, on the basis of a predetermined 
formula a summarization using a one-way function, and
transferring the first ticket data to the second terminal server
as well as the client parameter; and

a second authentication server for detecting whether or not 
the client parameter is valid and whether or not the first ticket 
data has been used, creating second ticket data by encoding the 
client parameter on the basis of a predetermined formula a
summarization using a one-way function, comparing the first and
second ticket data, and supplying the second terminal server with
data indicative of whether or not the second terminal server
should be connected to the client;

wherein the client parameter includes at least one of ID 
information of the client, an access-originator IP address, and 
an expiration date set for the first ticket data; and 

the first and second authentication servers include a
common character string which is predetermined when creating the 
first and second ticket data and which is changed at a 
predetermined point in time. 

Claims 2-5 (canceled).

6. (currently amended) An access authentication system for 
providing a client with a service of connection to a second 
terminal server via a first terminal server, characterized by 
comprising:

a first authentication server for determining whether or not 
the client should be connected to the first terminal server, on 
the basis of ID information and a password input by the client to 
the first terminal server, the first authentication server 
creating first ticket data by encoding client parameters, which
include the ID information, an access-originator IP address of
the client, a predetermined expiration date and a common
character string, on the basis of a predetermined formula a
summarization using a one-way function, and transferring the
first ticket data to the second terminal server as well as the
client parameter; and

a second authentication server for comparing an
access-originator IP address input by the client to the second terminal
server with the access-originator IP address of the client 
included in the client parameter, thereby determining whether or 
not access by the client has been executed on or before the 
expiration date, determining whether or not the first ticket data 
has been used, creating second ticket data by encoding the client
parameters on the basis of a predetermined formula a
summarization using a one-way function, comparing the first and
second ticket data, and supplying the second terminal server with
data indicative of whether or not the second terminal server
should be connected to the client;

wherein the first and second authentication servers include 
a common character string which is predetermined when creating 
the first and second ticket data, and which is changed at a
predetermined point in time. 

7. (currently amended) An access authentication system for 
providing a client with a service of connection to a second 
terminal server via a first terminal server, characterized by 
comprising:

first personal information acquiring means for acquiring 
first personal information input by the client to the first 
terminal server; 

first authentication means for determining whether or not 
the client should be connected to the first terminal server, on 
the basis of the first personal information; 

first ticket data creating means for creating first ticket 
data by encoding a first client parameter, which includes part of 
the first personal information, on the basis of a predetermined 
formula a summarization using a one-way function;

transfer means for transferring the first ticket data to the 
second terminal server; 

second personal information acquiring means for acquiring 
personal information input by the client to the second terminal 
server; and 

second authentication means for creating second ticket data 
by encoding the second client parameter, which contains the part 
of the second personal information, on the basis of a 
predetermined formula a summarization using a one-way function,
comparing the first and second ticket data, and supplying the
second terminal server with data indicative of whether or not the
second terminal server should be connected to the client;

wherein the first ticket data creating means and the second 
authentication means include a common character string which is 
predetermined when creating the first and second ticket data, and 
which is changed at a predetermined point in time.

Claims 8 and 9 (canceled).

10. (original) The access authentication system according 
to claim 7, characterized in that the second authentication means 
judges validity of the first ticket data. 

11. (original) The access authentication system according 
to claim 7, characterized in that the second authentication means 
judges legality of the client parameter. 

Claims 12 and 13 (canceled).

14. (currently amended) A computer-readable storage medium
that stores a program for operating a computer, the program being 
characterized by comprising: 

first personal information acquiring means for acquiring 
first personal information from a client in a first terminal 
server; 

first authentication means for determining whether or not 
the client should be connected to the first terminal server, on 
the basis of the first personal information; 

first ticket data creating means for creating first ticket 
data by encoding a client parameter, which includes at least part 
of the first personal information, on the basis of a
predetermined formula a summarization using a one-way function, 
if the first authentication means determines that the client 
should be connected to the first terminal server; 

transfer means for transferring the first ticket data to a 
second terminal server; 

first ticket data acquiring means for acquiring the first 
ticket data in the second terminal server;

second personal information acquiring means for acquiring 
second personal information from the client in the second 
terminal server; 

second ticket creating means for creating second ticket data 
by encoding a client parameter, which includes part of second 
personal information, on the basis of the predetermined formula 
the summarization using a one-way function; and

second authentication means for comparing the first and 
second ticket data, thereby determining whether or not the client 
should be connected to the second terminal server;

wherein the first ticket data creating means and the second 
authentication means include a common character string which is 
predetermined when creating the first and second ticket data and 
which is changed at a predetermined point in time. 

Claims 15 and 16 (canceled).

17. (currently amended) A program for operating a
computer, comprising:

first personal information acquiring means for acquiring 
first personal information from a client in a first terminal 
server; 

first authentication means for determining whether or not 
the client should be connected to the first terminal server, on 
the basis of the first personal information; 

first ticket data creating means for creating first ticket 
data by encoding a client parameter, which includes at least part 
of the first personal information, on the basis of a
predetermined formula a summarization using a one-way function, 
if the first authentication means determines that the client 
should be connected to the first terminal server; 

transfer means for transferring the first ticket data to a
second terminal server; 

first ticket data acquiring means for acquiring the first 
ticket data in the second terminal server; 

second personal information acquiring means for acquiring 
second personal information from the client in the second 
terminal server; 

second ticket creating means for creating second ticket data 
by encoding a client parameter, which includes part of second 
personal information, on the basis of the predetermined formula 
the summarization using a one-way function; and

second authentication means for comparing the first and 
second ticket data, thereby determining whether or not the client 
should be connected to the second terminal server;

wherein the first and second ticket data creating means 
include a common character string which is predetermined when
creating the first and second ticket data and which is changed at 
a predetermined point in time. 

Claims 18 and 19 (canceled).

20. (currently amended) An access authentication method for 
providing a client with a service of connection to a second 
terminal server via a first terminal server, characterized by 
comprising:

a first authentication step of determining whether or not 
the client should be connected to the first terminal server; 

a first ticket data creating step of creating first ticket 
data by encoding a client parameter, which includes at least part 
of personal information input by the client, on the basis of a
predetermined formula a summarization using a one-way function;

a data transfer step of transferring the client parameter 
and the first ticket data to the second terminal server;

a detection step of detecting whether or not the client 
parameter in the first terminal server is valid, and whether or 
not the first ticket data has been used; 

a second ticket data creating step of creating a second 
ticket data by encoding the client parameter on the basis of a
predetermined formula a summarization using a one-way function;

a ticket data comparison step of comparing the second ticket 
data with the first ticket data; and

a second authentication step of determining whether or not 
the client should be connected to the second terminal server, on 
the basis of results obtained at the determination step and the
comparison step;

wherein the first and second ticket data creating steps 
include a common character string which is predetermined when 
creating the first and second ticket data and which is changed at 
a predetermined point in time. 
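
The ticket check recited in claims 6 and 20, sketched as an added example that is not part of the filing. HMAC-SHA-256 keyed with the common character string stands in for the claimed "summarization using a one-way function" (the claims do not name a function, and claim 6 lists the string among the encoded parameters rather than as a key); the JSON encoding, the names make_ticket and SecondAuthServer, and all sample values are assumptions.

```python
import hashlib
import hmac
import json

def make_ticket(params: dict, common_string: bytes) -> str:
    """Summarize the client parameters with a keyed one-way function."""
    # Canonical JSON so both servers hash byte-identical input.
    encoded = json.dumps(params, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(common_string, encoded, hashlib.sha256).hexdigest()

class SecondAuthServer:
    def __init__(self, common_string: bytes):
        self.common_string = common_string  # same value the first server holds
        self.used = set()                   # tickets already redeemed

    def verify(self, params: dict, first_ticket: str, peer_ip: str, now: int) -> str:
        if params.get("ip") != peer_ip:
            return "deny: ip mismatch"
        if now > params.get("expires", 0):
            return "deny: expired"
        second_ticket = make_ticket(params, self.common_string)
        # Constant-time comparison of first and second ticket data.
        if not hmac.compare_digest(first_ticket, second_ticket):
            return "deny: ticket mismatch"
        if first_ticket in self.used:
            return "deny: already used"
        self.used.add(first_ticket)
        return "allow"

def demo() -> list:
    key = b"constructed-common-string"  # constructed sample value
    params = {"id": "alice", "ip": "192.0.2.10", "expires": 1000}  # constructed
    ticket = make_ticket(params, key)   # what the first server would send
    second = SecondAuthServer(key)
    forged = {**params, "expires": 9999}  # parameter changed after issuance
    results = [
        second.verify(params, ticket, "192.0.2.10", now=900),
        second.verify(params, ticket, "192.0.2.10", now=900),    # replay
        second.verify(params, ticket, "198.51.100.7", now=900),  # other origin
        second.verify(params, ticket, "192.0.2.10", now=1001),   # past expiry
        second.verify(forged, ticket, "192.0.2.10", now=1500),
    ]
    second.common_string = b"constructed-next-string"  # scheduled change
    other = {"id": "bob", "ip": "192.0.2.11", "expires": 1000}
    results.append(second.verify(other, make_ticket(other, key), "192.0.2.11", 900))
    return results
```

The last case shows the operational effect of changing the common character string: a ticket issued under the old string no longer matches, so both servers have to switch at the same predetermined time.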



